author | Lars Wirzenius <liw@liw.fi> | 2017-11-15 20:00:36 +0100 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-11-15 20:00:36 +0100 |
commit | 167b929e261698c1946626f09665779f9a1ea264 (patch) | |
tree | 804efc3ae11860e62de1d3b7aacefde9af4092e4 /icktool | |
parent | cae827600578959950358f65a2c3c9468fe36007 (diff) | |
download | ick2-167b929e261698c1946626f09665779f9a1ea264.tar.gz |
Add: generate token in-process in icktool
Diffstat (limited to 'icktool')
-rwxr-xr-x | icktool | 24 |
1 files changed, 22 insertions, 2 deletions
@@ -18,8 +18,11 @@
 import json
 import logging
 import sys
+import time
+import apifw
 import cliapp
+import Crypto.PublicKey.RSA
 import requests
 import ick2
@@ -341,9 +344,26 @@ class TokenGenerator:
 assert self._cmd is not None
 assert self._scopes is not None
+ # These should agree with how ick controller is configured.
+ # See the Ansible playbook. They should probably be
+ # configurable.
+ iss = 'localhost'
+ aud = 'localhost'
+
 privkey = cliapp.runcmd(['sh', '-c', self._cmd])
- token = cliapp.runcmd(
- ['./create-token', ' '.join(self._scopes)], feed_stdin=privkey)
+ key = Crypto.PublicKey.RSA.importKey(privkey)
+ scopes = ' '.join(self._scopes)
+
+ now = time.time()
+ claims = {
+ 'iss': iss,
+ 'sub': 'subject-uuid',
+ 'aud': aud,
+ 'exp': now + 86400, # FIXME: This is silly long
+ 'scope': scopes,
+ }
+
+ token = apifw.create_token(claims, key)
 return token.decode('ascii') |
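Review bot: The `exp` claim in the new `claims` dict gives every token a 24-hour lifetime (`now + 86400`), which the FIXME already concedes is too long for a bearer token that carries every requested scope. Since icktool now mints the token in-process on each run, a lifetime of a few minutes held in a named constant would do, for example `'exp': int(now) + TOKEN_LIFETIME_SECS,`. The `int()` cast also keeps `exp` a whole-second value, which stricter JWT validators may expect, whereas `time.time()` returns a float. The fixed `'sub': 'subject-uuid'` gives every token the same subject, so the controller presumably cannot attribute requests to a caller. It would be better made configurable alongside `iss` and `aud`, as the added comment already suggests for those two. The enclosing method starts above the hunk, so where `self._cmd` and `self._scopes` come from is not visible here.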